[svn-commits] mmichelson: branch 1.4 r149130 - /branches/1.4/channels/chan_sip.c

Tue Oct 14 15:49:02 CDT 2008

Author: mmichelson
Date: Tue Oct 14 15:49:02 2008
New Revision: 149130

URL: http://svn.digium.com/view/asterisk?view=rev&rev=149130
Log:
Don't allow reserved characters to be used in register
lines in sip.conf.

(closes issue #13570)
Reported by: putnopvut


Modified:
    branches/1.4/channels/chan_sip.c

Modified: branches/1.4/channels/chan_sip.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/channels/chan_sip.c?view=diff&rev=149130&r1=149129&r2=149130
==============================================================================

--- branches/1.4/channels/chan_sip.c (original)
+++ branches/1.4/channels/chan_sip.c Tue Oct 14 15:49:02 2008
@@ -166,6 +166,8 @@
 #ifndef IPTOS_MINCOST
 #define IPTOS_MINCOST           0x02
 #endif
+
+#define SIP_RESERVED ";/?:@&=+$,# "
 
 /* #define VOCAL_DATA_HACK */
 
@@ -4724,9 +4726,11 @@
 	struct sip_registry *reg;
 	int portnum = 0;
 	char username[256] = "";
+	char *user;
 	char *hostname=NULL, *secret=NULL, *authuser=NULL;
 	char *porta=NULL;
 	char *contact=NULL;
+	char *reserved = NULL;
 
 	if (!value)
 		return -1;
@@ -4746,6 +4750,16 @@
 		authuser = strchr(secret, ':');
 		if (authuser)
 			*authuser++ = '\0';
+	}
+	user = username;
+	if ((reserved = strpbrk(user, SIP_RESERVED))) {
+		goto invalid_char;
+	}
+	if (!ast_strlen_zero(secret) && (reserved = strpbrk(secret, SIP_RESERVED))) {
+		goto invalid_char;
+	}
+	if (!ast_strlen_zero(authuser) && (reserved = strpbrk(authuser, SIP_RESERVED))) {
+		goto invalid_char;
 	}
 	/* split host[:port][/contact] */
 	contact = strchr(hostname, '/');
@@ -4761,6 +4775,9 @@
 			ast_log(LOG_WARNING, "%s is not a valid port number at line %d\n", porta, lineno);
 			return -1;
 		}
+	}
+	if ((reserved = strpbrk(hostname, SIP_RESERVED))) {
+		goto invalid_char;
 	}
 	if (!(reg = ast_calloc(1, sizeof(*reg)))) {
 		ast_log(LOG_ERROR, "Out of memory. Can't allocate SIP registry entry\n");
@@ -4793,6 +4810,10 @@
 	ASTOBJ_CONTAINER_LINK(&regl, reg);	/* Add the new registry entry to the list */
 	ASTOBJ_UNREF(reg,sip_registry_destroy);
 	return 0;
+
+invalid_char:
+	ast_log(LOG_WARNING, "A reserved character ('%c') was used in a \"register\" line. This registration will not occur\n", *reserved);
+	return -1;
 }
 
 /*! \brief  Parse multiline SIP headers into one header


